Exam Details

  • Exam Code: 210-250
  • Exam Name: Cisco Cybersecurity Fundamentals
  • Certification: Cisco Certifications
  • Vendor: Cisco
  • Total Questions: 1157 Q&As
  • Last Updated: Nov 03, 2022

Cisco Certifications 210-250 Questions & Answers

  • Question 741:

    Why are reputation filters typically the first filters that are applied to inbound emails in content security systems?

    A. to remove spam messages, which use SMTP server resources.

    B. These filters are the most complicated to run so they are executed first to conserve CPU resources.

    C. to reduce the processing load on other filters by eliminating emails from known bad sources.

    D. to reduce the processing load on other filters by eliminating emails from known bad sources.

  • Question 742:

    In addition to helping secure and control web traffic, web content security systems also provide which three security options? (Choose three.)

    A. network access controls (NAC)

    B. advanced malware protection (AMP)

    C. remote VPN access controls

    D. insightful reporting

    E. secure mobility

  • Question 743:

    What are two benefits to deploying a threat-monitoring appliance for SMTP traffic? (Choose two.)

    A. Email content security appliances detect malware and detonate it in a sandbox environment for further analysis.

    B. Email content security appliances allow Snort rules to trigger system administrator alerts.

    C. Email content security appliances can filter sensitive outbound email.

    D. Reputation-based filtering can be deployed to filter a large percentage of spam email.

    E. Email content security appliances establish secure tunnels between end-user email clients and the SMTP server, reducing the need for email authentication.

  • Question 744:

    Which one of the following is the purpose of the content option, as shown below?

    alert tcp any any -> any any (msg:"Possible exploit"; content: "|90|";)

    A. The content option will trigger a drop action when it sees the decimal digit 90.

    B. When Snort sees 0x90 in a packet's payload, it will generate an alert indicating that a possible exploit is occurring.

    C. The above Snort rule is not valid and has formatting errors.

    D. The above Snort rule should contain a destination IP address to alert the network management server.

  • Question 745:

    What type of encryption mode is used to secure point-to-point based VPNs?

    A. MacSEC authentication mode

    B. link encryption mode

    C. packet payload mode

    D. 802.1Q trunking mode

    E. aggressive mode

  • Question 746:

    Which statement best describes VPNs?

    A. VPN technology secures communication across trusted network boundaries.

    B. VPNs can be defined as a technology used to secure communication across an untrusted network.

    C. VPNs are best deployed on mobile and BYOD-based devices.

    D. VPNs are logical networks that are dependent on the physical architecture.

    E. VPNs are created at the transport layer of the OSI model.

  • Question 747:

    Within a Snort rule, which one of the following statements best describes an event trigger?

    A. The IPS engine compares a packet against the defined rules, and if that packet's data matches all the conditions, then an event is triggered, signaling a potential issue.

    B. Events are triggered when the defined conditions partially match, causing the IPS engine to fire an alert.

    C. An event is triggered only after the IPS engine compares the packet payloads against the known reputation database lists.

    D. An event is triggered only after the IPS engine compares the header fields against the known reputation database lists.

    E. Snort rules are not designed to trigger network alerts.

  • Question 748:

    Why are encryption and protocol tunneling effective techniques for IPS evasion attacks?

    A. Encrypted packets bypass IPS sensors, as IP and TCP header information is unreadable by the sensor.

    B. Tunneling protocols send packets end-to-end and therefore cannot transit the IPS sensor.

    C. IPS sensors cannot unencrypt the payload to determine the contents of the data.

    D. Packets bypass the IPS sensor after its memory resources are exhausted unencrypting packets.

  • Question 749:

    What are two ways that packet fragmentation can allow an attacker to evade an IPS sensor? (Choose two.)

    A. IPS sensors cannot perform fragmentation and reassembly, forcing them to permit fragmented packets through the IPS sensor.

    B. IPS sensors that do not reassemble fragmented packets may fail to recognize the payload as an attack.

    C. Packet fragments hide the destination address of the payload, preventing the IPS from learning the hosts being attacked.

    D. IPS sensors may interpret fragments differently than end hosts, allowing attacks through the sensor.

    E. Setting the DNF-bit can force the IPS sensor to permit packets sent to it as a sequence of fragments, because the IPS sees them as error frames.

  • Question 750:

    What should be configured on the source switch as the destination, and on the destination switch as the source when configuring RSPAN?

    A. access port, access port

    B. RSPAN VLAN, access port

    C. RSPAN VLAN, RSPAN VLAN

    D. access port, RSPAN VLAN
